system: mention need to unlock a locked root account

When all actions are privilege-separated we can probably strip this part again.
2026-03-13 16:14:40 +00:00 · 2018-06-02 16:58:11 +02:00 · 2018-06-02 16:58:11 +02:00 · ded0fee3f4
commit ded0fee3f4
parent e741b9e450
1 changed files with 8 additions and 0 deletions
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@ -464,6 +464,14 @@ function local_user_set(&$user, $force_password = false)
        $user_home = '/root';

        if ($lock_account == 'lock') {
+            /*
+             * The root account should not be locked, as this will have
+             * side-effects such as cron not working correctly.  Set
+             * password to unreachable "*" instead.  Our auth framework
+             * already checks for disabled elsewhere so we only need to
+             * prevent root login in the console when integrated
+             * authentication is off.
+             */
            $lock_account = 'unlock';
            $user_pass = '*';
        }